Exploit code released for RealPlayer, IE flaws

Exploit code that combines a vulnerability in RealPlayer with one
in Microsoft's Internet Explorer to compromise a system has been
released on the web, following the publication of the RealPlayer
flaw.

Details of the flaw were released by a researcher who goes by
the name of http-equiv, in an advisory issued by Secunia.

The flaw lies in the fact that RealMedia (.rm) files can open
local files in the browser built into RealPlayer. This means a
malicious website can load a local HTML document in a local context
by using a specially crafted RealMedia file.

http-equiv said he had confirmed the flaw on version 10.5 (build
6.0.12.1056) of RealPlayer, but other versions could be affected as
well.

As a workaround, he suggested that people avoid opening
RealMedia files from an untrusted source and restrict such files
from being opened automatically from within browsers.